At present there is a broad variety of means for the development of executable files. Often during the development of software, especially when creating executable files, instructions different from machine instructions are placed in those files, such as instructions in the form of intermediate code (such as Common Intermediate Language, or CIL, instructions) or scripts.
When emulating the execution of files (such as Portable Executable, or PE, files) it is important to form as complete a log of function calls as possible. The completeness of such a log influences in particular the quality of detection of malicious files (such as the detection rate) when emulating their execution. When the executable file uses data or function types from dynamic libraries, the emulator carries out a number of steps of the operating system (OS) loader. For example, for executable files for the Windows OS, the emulator performs changes in the IAT (Import Address Table) section of the image of the executable file, relating to the fixing of the addresses of functions which need to be called during the execution of the file (and, accordingly, also during emulation of the execution). The emulator saves the information entered into the IAT as to the correspondence between the addresses of the functions and their names. Thus, when a certain function is called during the emulation of the execution of a file, the emulator determines that a certain library function has been called and changes the function call log appropriately.
But while emulating the execution of files which contain instructions different from machine instructions, no information at all is saved in the IAT on functions formalized in a way different from machine instructions, so that the problem arises of logging (recording the function calls in a log) of instructions, including also functions, formalized in a way different from machine instructions.